CVE-2017-7308
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
La función packet_set_ring en el archivo net/packet/af_packet.c en el kernel de Linux hasta versión 4.10.6, no comprueba apropiadamente ciertos datos de tamaño de bloque, lo que permite a los usuarios locales causar una denegación de servicio (error de firma de enteros y escritura fuera de límites), y alcanzar privilegios (si se mantiene la capacidad CAP_NET_RAW), por medio de llamadas de sistema diseñadas.
It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-29 CVE Reserved
- 2017-03-29 CVE Published
- 2018-12-29 First Exploit
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-681: Incorrect Conversion between Numeric Types
- CWE-787: Out-of-bounds Write
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97234 | Third Party Advisory | |
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html | Third Party Advisory | |
https://patchwork.ozlabs.org/patch/744811 | Third Party Advisory | |
https://patchwork.ozlabs.org/patch/744812 | Third Party Advisory | |
https://patchwork.ozlabs.org/patch/744813 | Third Party Advisory | |
https://source.android.com/security/bulletin/2017-07-01 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44654 | 2024-08-05 | |
https://www.exploit-db.com/exploits/41994 | 2024-08-05 | |
https://www.exploit-db.com/exploits/47168 | 2018-12-29 | |
https://github.com/anldori/CVE-2017-7308 | 2023-01-09 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1297 | 2023-02-14 | |
https://access.redhat.com/errata/RHSA-2017:1298 | 2023-02-14 | |
https://access.redhat.com/errata/RHSA-2017:1308 | 2023-02-14 | |
https://access.redhat.com/errata/RHSA-2018:1854 | 2023-02-14 | |
https://access.redhat.com/security/cve/CVE-2017-7308 | 2018-06-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1437404 | 2018-06-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.27 < 3.2.89 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 3.2.89" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.107" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.74 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.74" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.44" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.52" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.41" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.66 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.66" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.26" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.10.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.10.14" | - |
Affected
|